Iq Gateway Firmware Security Vulnerabilities and Issues — Iq Gateway Firmware CVE List

Lucene search

EnphaseIq Gateway Firmware

5 matches found

CVE•added 2024/08/12 1:38 p.m.•60 views

CVE-2024-21878

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: from 4.x up to and including 8.x and is curren...

9.8CVSS6.6AI score0.00372EPSS

CVE•added 2024/08/12 1:38 p.m.•57 views

CVE-2024-21880

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x

8.6CVSS6.6AI score0.02491EPSS

CVE•added 2024/08/12 1:38 p.m.•56 views

CVE-2024-21877

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: from 4.x to 8.0 and

9.2CVSS6.5AI score0.00132EPSS

CVE•added 2024/08/12 1:38 p.m.•56 views

CVE-2024-21879

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and

8.8CVSS6.4AI score0.03565EPSS

CVE•added 2024/08/12 1:38 p.m.•49 views

CVE-2024-21876

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envoy: from 4.x to 8.x and

9.3CVSS6.4AI score0.00205EPSS